Headline: Look at Aave. Building

On April 18, the assailants, using the authentication node of the Kelp DAO Trans-Clan Bridge, released some $292 million in collateral-free rsETH, which was deposited in Aave to borrow the real WETHI don't know。

The uncollateralized rsETH was accepted as a compliance collateral, and the loaned real WETH could not be covered by the equivalent price, resulting in Aave facing bad debt exposures of up to $230.1 million。

According to the chain analyst, the remains are monitoredAs of the morning of 23 AprilAave TVL has fallen by $30 billion, from $45.8 billion before the incident to $29.6 billion, leaving $16.2 billion, a drop of over 40 per cent。

The panic spread far beyond that. Morpho, Sky, JupLend and others that are not directly involved in rsETH have also been released on a large scale, not even on SolanaI don't know。

However, the crisis also created an unexpected winner. Some of the funds that fled from Aave went directly to Spark, SPK coins, which increased by more than 150 per cent over seven days。

1. Aave, first and foremost

Why did Aave become the biggest hostage to this event, starting with its structure。

rsETH, a liquid pledge token (Liquid Restating Token) for Kelp DAO, is highly associated with ETH and is classified by the Aave risk model as a high-quality collateral with low volatility and high mobility。

Under E-Mode (efficiency model), it enjoyed a loan value ratio of 93-95 per cent (LTV), allowing users to borrow WETH with very high leverage。

This parameter is set to be essentially priced in relation to the strong price of rsETH and its liquidity performance in secondary markets, while ignoringrsETH relies heavily on the Trans-Cyber Zero V2 contract。

As a result, when the attackers took advantage of a single DVN loophole configured by Kelp on April 18, and cast around 11.65 million collateral-free rsETH (value about $292 million) and deposited most of it (approximately 89,567) into Aave to lend real WETH, the agreement was directly exposed to hundreds of millions of dollars of bad debts, although it was designed to function properly, and neither the liquidation mechanism nor the predictor triggered anomalies。

More ironically, just nine days before the incident (9 April), the newly appointed risk service provider, LlamaRicsk, submitted the Risk Stewarts proposal for “a strong market demand, a sufficiently mobile chain, and a healthy user-leveraging behaviour”, raising the supply ceiling from 480,000 to 530,000 from the rsETH network。

By this time, the supply utilization rate of rsETH in Aave was close to 99.9 per cent, and the leverage re-admittance strategy was as hot as it was, but the safety assumptions at the bottom of the bridge were not re-examined。

After the attack, Aave quickly suspended WETH withdrawals, resulting in a deposit certificate aETHWETH showing a clear discount。Link tracking showsI don't knowDue to Aave's suspension of WETH withdrawals, the deposit certificate aETHWETH was depreciated, with a whale offering 13,000 ETH from the exchange to buy an ETHWETH through Swap an additional 1: 143 net gains from borrowing。

The contagion effect spreads rapidly to the stable currency pool. Circle, Chief Economist, Gordon Liao, launch emergencyGovernance proposalsIt is proposed that the maximum deposit rate of the Aave V3 International Network USDC be raised to approximately 48.2 per cent to respond to a situation where the utilization of the USDC pool has exceeded 99.87 per cent for many days in a period of near paralysis。

It's still fermenting. AaveBeforeTwo paths for the treatment of losses were proposed: a discount of about 15 per cent shared by all rsETH holders and approximately $123.7 million in bad debts; and the isolation of losses to L2 without impact on the Taipei network, but Mantle would face a 71.45 per cent WETH gap and Arbitrum would face a 26.67 per cent gap and the scale of bad debts would increase to about $230.1 million。

On 21 April, the Arbitrum Security Committee announced an emergency freeze of 30,766 ETH (approximately $71 million) held at the address related to the attack and the transfer to the intermediate wallets under governance control。

The founder of Aave, Stani Kulechov, stated that the team was working with multiple partners to promote recovery programmes to achieve an orderly return to normal market conditions and protect user interests. Arbitrum Security Council recovered $70 million worth of ETH, which could significantly reduce potential risk exposureI don't know。

DefiLlama founder 0xngmi further states that if funds are frozen first and foremost for the Arbitrum local Aave market, in the case of rsETH shared burden impairment, bad debts on the chain are expected to decrease by 80 per cent or even close to zero。

Nevertheless, the Umbrella security reserve of Aave (about $80 million to $100 million) is still facing a potential shortfall of up to $230.1 million. The protocol has recommended that the Umbrella module be suspended to avoid automatic slashing too quickly and to be manually processed by the governance。

To date, the WETH reserve at the Ether Core V3 market has been partially released, but the LTV remains at 0; the WETH reserve at the Prime, Arbitrum, Base, Mantle and Linea chains remains frozen or restricted。

2. Why did Spark avoid this loss

Spark achieved zero direct losses in this Kelp DAO rsETH bridging attack, which dates back to January 2026. In Aave incorporating rsETH into E-Mode (efficiency model) and opening up the same time window for highly leveraged borrowing, Spark selects assets with low usage, such as lower shelf rsETH, while fully tightening the collateral access criteria。

After the incident, Spark, head of strategy, monetsupply.ethCommunicationsExplains the logic of the timeI don't knowSpark has long set a high maximum interest rate ceiling on the ETH lending market and has, over the past year, taken the initiative to cede some of its operations and revenues to Aave (the latter had set the ETH borrowing rate below 10 per cent to attract leverage users)。

This option then triggered a strong discontent among the users of the ETH-Role Leverage strategy, with some of the funds opting out of Spark. However, the downgrading of rsETH has proved to be an extremely prudent initiative - SparkLend's ETH withdrawals remain fully liquid and the relevant market in Aave has been locked in high utilization。

i'm sorry, sirAlsoWarningI don't knowAS A CORE COLLATERAL, INSUFFICIENT MOBILITY IS BY NO MEANS SIMPLY A USER-INCONVENIENT BUT A SYSTEMIC SECURITY RISK。

He noted that, in the current environment of Aave, about 16.5 per cent of the supply in the ETH market was supported by rsETH and that E-Mode could face a 10-15 per cent reduction if the rsETH related loans were split equally on the main network and L2. This will prompt the accelerated exit of the ETH supplier, resulting in a 100 per cent utilization factor and a failure to effectively incentivize the LST revolving repayment to release liquidity。

So, if ETH again falls 15-20%, Aave may face a significant accumulation of bad debts. For Spark, this zero loss is also based on the premise that the market has not continued。

Spark ProtocolTeamIn the CainCatcher interviewOrganisationSo, it's not a single downside action, it's a more conservative system of risk parameters that keeps Spark out of shock. HimGuysIt was noted that Spark had adopted conservative LTV and strict supply caps (rate-limited sub-caps) when onboarding rsETH, and that potential losses would be very limited and easily recoverable even if they had not fallen off the shelf. “It would be unrealistic to assume that no loss will ever occur if any collateral goes online means taking a certain degree of risk. In SparkLend, we expect such incidents to occur occasionally and ensure that the agreement is resilient to these scenes.”

Spark ProtocolThe team is still hereIt was revealed that the Spark team was equipped with multiple early warning tools, including AI testing and custom surveillance software. After learning of the potential attack, they completed the screening of all direct and indirect openings in 30 minutes and launched the market-wide exit plan。

YeahAfter the accidentThe problem of large financial flowsThey..OrganisationI don't knowSpark can borrow billions of dollars from Sky to respond to any liquidity needI don't knowThis high concentration flow is more a recognition of the safety of Spark Savings. Throughout the crisis, Spark Savings USDT was the only place to maintain sufficient liquidity throughout the process, which was never below $400 million。

No one expected that the biggest short-term benefit from this Aave bad accounts wave would be Spark. After the massive exodus from Aave, some of the funds went directly to Spark. The latest DefiLlama data indicates that its TVL has been about 1 before the event9The billion dollars went up rapidly to 3.3-3.5 billion dollars in levels (up by more than 80 per cent), partly due to the continuing infusion of large households such as Sun。

SOURCE: Defillama

AT THE SAME TIME, THERE WAS A STRONG REBOUND IN THE PRICE OF SPK TOKENS:AS OF DISPATCH, SPK PASTTwenty-four hours of growth95%, nearly 7 days by more than 180%. The F2Pool co-founder, Wang Pure Haut, received 83.7 million SPK awards from Spark over the past year and sold all of them on COWSwap in exchange for 663 ETH and $1.4 million, now “a little regret”。

Source:RootData

However, as DefiLlama founder 0xngmi said, there are no real winners in such incidents。

The growth of Spark's TVL is essentially a redistribution of DeFi stock funds between agreements rather than an entry of new capital. The whole industry's “cakes” are shrinking in the short term, and no one can be left out。

3. Who's responsible for this

The entry point for the attack was the cross-link bridge in Kelp DAO, which was configured at the single validation node in LayerZero. The smart contract of the loan agreement is not problematic, but the loss ultimately falls on the loan agreement and its users。

Encryption Researcher CM points to a long-neglected distinction: the cross-chain version of assets and primary assets are essentially two different things, just as Bridged USDC is not equivalent to a true USDC, and the price of rsETH can be highly associated with ETH, but its security is highly dependent on the reliability of the bridge contract。

It's two completely different thingsAs already statedAave ' s risk model accurately priced price relevance and liquidity while systematically ignoring bridging infrastructure risks。

The problem goes beyond that. Aave covered 22 chains, each with different configurations of bridges, different sources of prophecies, different paths of liquidation. This complexity has become difficult to manage in real time. When there are problems with multiple chains at the same time, the only thing that can be done is to freeze the market, because there is no mechanism designed in advance to determine what to do with the loss。

In terms of attribution of responsibility, Kelp DAO and LayerZero are caught in a public mutual recrimination: Kelp stressed that the default configuration of LayerZero was a risk and that many protocols were using similar settings; LayerZero pointed out that Kelp had chosen a low-security single-certifier configuration, although it had recommended a multi-DVN solution。

No clear delineation of responsibilities or compensation framework has been reached between the partiesI don't knowPollymarket's latest data indicate that the probability that the market bet “Kelp will share the loss” has been further reduced from 50 per cent at the beginning of the event to about 12 per cent。

A third voice emerged in the community around the distribution of loss。

Senior DeFi Player@DeFi DadIn the discussion, the question was raised as to why both options would allow users to bear the losses, and not why a white knight could not intervene to fill the gap through a debt repayment plan. He named Bybit, Coinbase, Binance as an opportunity for CEX to show a sense of existence。

Encryption Investor@anndylianA more specific approach was proposed: Kelp DAO issued a "debt certificate" to Aave, committed to gradually buy back the future commission income to destroy the uncollateralized rsETH, turn the one-time hard anchor into a instalments, and avoid a collapse of Kelp currency prices due to immediate payment。

With regard to the liability boundary, there is an industry consensus in favour that Kelp DAO, as the issuer of rsETH, has guaranteed the configuration of the LayerZero official bridge, so that rsETH-related losses should be borne primarily by the socialization of all rsETH holders, while Aave DAO is responsible for its risk management decisions (including rsETH's LTV, supply cap and E-Mode setting)。

In the end, Kelp and LayerZero swung each other and lit up DeFi's current pain: In a complex system that cuts across the chain, the LRT and the depth of the lending agreement, it is not clear who will bear the responsibility in the event of an incident, and it is often the lending agreement and its users who will end up paying。

Despite Kelp DAOIn the latest developmentsThe signal of “user preference” and active consultation was released, but the end of the incident was followed by a high reliance on Kelp to vote on the disposal of the remaining endorsed assets and on the governance of the parties。

It's a little proof, tooIn the absence of an industry consensus on the responsibility boundary, borrowing agreements must proactively internalize external reliance, such as bridge-to-bridge risk, into their own systems of wind control, rather than rely on retroactive or external liability。